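<?php

  // NOTE(review): display_errors=1 prints PHP warnings and notices into the page,
  // which can expose file paths and query details to whoever loads it. Suitable
  // for development only; in production, log errors instead of displaying them.
  error_reporting(E_ALL);
  ini_set('display_errors', 1);

// No 'user' cookie: send the visitor to the start page. header() only queues the
// Location header, so the explicit exit is what stops the rest of this page (the
// DB lookup and the password form) from running and being sent with the redirect.
if (empty($_COOKIE['user'])) {
  header('Location: index.php');
  exit;
}

// NOTE(review): the account is selected purely from the 'user' cookie value, which
// the client controls; nothing visible in this file verifies it (no signature or
// server-side session). Confirm the controller authenticates it. The raw cookie
// value is also handed to db_getUserByEmail() (defined elsewhere) -- confirm that
// lookup uses a parameterised query.
include_once 'controller.inc.php';
$db_link = db_connect();
$user = db_getUserByEmail($_COOKIE['user']);
db_disconnect($db_link);

// The form below calls $user->getID(); if the lookup did not yield an object,
// redirect instead of failing halfway through the rendered page.
if (!is_object($user)) {
  header('Location: index.php');
  exit;
}

include("header.inc.php");

?>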

  <h1>Change Password</h1>
  
  <form name="edit_password" action="update_password.php" method="post" onsubmit="return validate()">
    <p>
      <label for="old_password">Current Password:</label><br/>
      <input type="password" name="old_password" id="old_password">
    </p>
    <p>
      <label for="password">New Password:</label><br/>
      <input type="password" name="password" id="password">
    </p>
    <p>
      <label for="password_check">Re-enter New Password:</label><br/>
      <input type="password" name="password_check" id="password_check">
    </p>
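    <?php
      // The id is HTML-escaped for the attribute context, and the full <?php tag is
      // used so the expression is still executed when short_open_tag is off (it
      // would otherwise be emitted as literal text).
      // NOTE(review): a hidden field can be edited by the client, and no anti-CSRF
      // token is visible in this form. update_password.php (not shown) should take
      // the target account from the authenticated session and verify old_password
      // rather than trusting this id -- confirm.
    ?>
    <input type="hidden" name="id" value="<?php echo htmlspecialchars((string) $user->getID(), ENT_QUOTES, 'UTF-8'); ?>">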
    
    <input type="submit" name="action" value="Change Password">
    or
    <a href="edit_user.php">Cancel</a>
  </form>

<script type="text/javascript">
/**
 * onsubmit handler for the edit_password form.
 *
 * Compares the two new-password fields and blocks submission (returns false)
 * after alerting the user when they differ. When they match, nothing is
 * returned, so the form submits normally.
 *
 * This check runs only in the browser and can be skipped by the client; the
 * handler that receives the POST has to repeat the comparison itself.
 */
function validate() {
  var fields = document.forms['edit_password'];
  var newPassword = fields['password'].value;
  var repeated = fields['password_check'].value;
  var matches = !(newPassword != repeated);

  if (matches) {
    return;
  }

  alert('New passwords do not match.');
  return false;
}
</script>

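<?php

// Full <?php tag: with short_open_tag disabled, a bare "<?" block is not executed
// and its source text is sent to the browser instead.
include 'footer.inc.php';

?>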
